Ars Technica has an interesting article on the future of the Internet. Much of the article is riffing on an interview with and paper authord by Jason Healy, director of the Cyber Statecraft Initiative at the Atlantic Council of the United States.
It is a very interesting article, and I strongly encourage all to read it. One thing I particularly like about the article is that while there is a bit of the sensational (Cybergeddon!), the spectrum of possible outcomes is presented with a reasonable probability assessment. The article actually encourages you to draw your own conclusions.
The main thing I think I can add to the article is the perspective of age; wisdom is probably too strong a term. There is no doubt that the Internet has created an immense amount of economic value. Indeed, this is why there are such problems with cybercrime; modern day Willie Suttons don’t have to rob banks anymore, because the Internet is where the money is.
Instead of wondering what’s going to happen to the Internet, I ask you to consider this thought first: why in the hell did any bank ever think that setting up a “branch” on the Internet was a good idea? Don’t get me wrong, I too enjoy the convenience of online bill payment. But none of the security measures that banks have traditionally relied on are worth a damn on the Internet. Hell, they can’t even call the cops if the perpetrators are located in a country that is less concerned with cybercrime.
Assume for a second that banks aren’t stupid; at the very least, assume they aren’t going to take unnecessary risks. In this scenario, someone in charge of risk analysis must think that online banking is not a risk…to the bank. So criminals are out there and the bank doesn’t think they are at risk…who’s left? As De Niro has said, “You talkin’ to me?”
The problem with the Internet is not all the criminals; well, maybe that is the problem, but it’s not a solvable one. The potentially solvable problem with the Internet is all of the entities that naively put out their shingle on the Internet, thinking the Internet is unlike “every other domain of human existence,” to quote Healy. The problem is those who believe that security should be someone else’s concern, either the customer’s (buyer beware!), or technology’s, or the government’s.
I guess what I’m trying to say that which path the Internet takes is a choice, not a crap shoot. If firms that do business on the Internet accept the true cost of security and build it into their business model, then I think we can foresee a rosier future. If these firms continue to insist that security is someone else’s risk, well…roll the bones.